CVE-2006-0625
published 2006-02-09

Priority: P339, medium
CVSS 2.0: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
EXPLOIT
EPSS: 4.77% (90.8th percentile)

Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

Affected

7 ranges

Vendor | Product | Version range | Fixed in
debian | spip | < spip 2.0.6-1 (bullseye) | spip 2.0.6-1 (bullseye)
spip | spip | |
spip | spip | |
spip | spip | |
spip | spip | |
spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1
spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1
spip | spip | >= 0 < 2.0.6-1 | 2.0.6-1

CVSS provenance

nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N
osv | 6.4 | MEDIUM
vendor_debian | 6.4 | MEDIUM